You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Eric Covener <co...@apache.org> on 2023/01/31 15:13:06 UTC
CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds writes in the apr_base64 family of functions
Severity: moderate
Description:
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.\nThis issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
Credit:
Ronald Crane (Zippenhop LLC) (reporter)
References:
https://apr.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-25147
Fwd: CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds writes in the apr_base64 family of functions
Posted by Eric Covener <co...@gmail.com>.
---------- Forwarded message ---------
From: Eric Covener <co...@apache.org>
Date: Tue, Jan 31, 2023 at 10:13 AM
Subject: CVE-2022-25147: Apache Portable Runtime (APR): out-of-bounds
writes in the apr_base64 family of functions
To: <an...@apache.org>, <pr...@apr.apache.org>
Severity: moderate
Description:
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.\nThis issue affects Apache Portable
Runtime Utility (APR-util) 1.6.1 and prior versions.
Credit:
Ronald Crane (Zippenhop LLC) (reporter)
References:
https://apr.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-25147
--
Eric Covener
covener@gmail.com